| タイトル | WebSystems WebTOTUM (2026) Cross Site Scripting |
|---|
| 説明 | WebTOTUM is a cloud-based business management software developed by WebSystems and it's an all-in-one platform for managing a company’s operations online.
A stored cross-site scripting (XSS) vulnerability has been discovered in the software that allows attackers to inject web scripts or arbitrary HTML code by manipulating the calendar feature on the homepage dashboard. The payload is stored on the server and executed in the context of other users’ browsers when they access the affected page. This vulnerability arises from insufficient validation or escaping of user-supplied input and may allow attackers to compromise user sessions or perform unauthorized actions. |
|---|
| ソース | ⚠️ https://olografix.org/acme/WebTOTUM-POC.gif |
|---|
| ユーザー | acme (UID 61097) |
|---|
| 送信 | 2026年04月01日 12:56 (26 日 ago) |
|---|
| モデレーション | 2026年04月21日 13:56 (20 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 358434 [WebSystems WebTOTUM 2026 Calendar クロスサイトスクリプティング] |
|---|
| ポイント | 20 |
|---|